In an effort to nudge along the process of standardizing the use of DANE with TLS's use of raw public keys, I have written a short Internet-Draft that defines how these keys can be authenticated by using TLSA records.

Name: draft-gilmore-dane-rawkeys
Revision: 00
Title: Authenticating Raw Public Keys with DANE TLSA
Document date: 2014-06-20
Group: Individual Submission
Pages: 7
URL: http://www.ietf.org/internet-drafts/draft-gilmore-dane-rawkeys-00.txt
Status: https://datatracker.ietf.org/doc/draft-gilmore-dane-rawkeys/
Htmlized: http://tools.ietf.org/html/draft-gilmore-dane-rawkeys-00

Abstract: This document standardizes how the Domain Name System can authenticate Raw Public Keys. Transport Level Security now has the option to use Raw Public Keys, but they require some form of external authentication. The document updates RFC 6698 to allow the Domain Name System to standardize the authentication of more types of keying material.

The TLS extension for raw public keys, which inspired this work, is currently very late in the IETF publication process, but not quite published, here:

"Using Raw Public Keys in Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS)"
https://www.rfc-editor.org/authors/rfc7250.txt

John
